How do I do it? There is plenty of info on how to configure JBoss to use SSL for EJB invocation, but there is nothing I can find that ties using SSLSockets or an SSL defined JRMP invoker to the messaging ILs, or in fact to anything in JBoss MQ. (This includes searching twiki, the forums. google and reading the A&D Guide).

After much prodding I got some info in September 2003. I saved the answers but forgot to get the second page. This was probably for 3.2.1, so not sure if there are differences for the latest version. Good thing I saved it because it appears they deleted it from the forums. I'll leave it to the reader to speculate on why that might be.

Below is what I coaxed out of Adrian, though I think there was still something missing that was posted on the second page of the now deleted thread.

One thing that snagged me was needing to set up the client-side truststore for the entity connecting to the server's JBossMQ instance and needing to have the server's certificate in the client's truststore.

1) Created a keystore in server/default/conf/test.keystore2) Created a security domain that references it(resource: is jboss specific protocol that loads from theclassloader, conf/ is the first classloader installed by jboss)

resource:test.keystoressltest

3) Deployed a HTTPSUIL2ConnectionFactory

<depends optional-attribute-name="Invoker">jboss.mq:service=InvokerHTTPSUIL2ConnectionFactoryHTTPSUIL2XAConnectionFactory819360000true<!-- Used to disconnect the client if there is no activity --><!-- Ensure this is greater than the ping period -->70000<!-- The size of the buffer (in bytes) wrapping the socket --><!-- The buffer is flushed after each request -->2048<!-- Large messages may block the ping/pong --><!-- A pong is simulated after each chunk (in bytes) for both reading and writing --><!-- It must be larger than the buffer size -->1000000org.jboss.security.ssl.ClientSocketFactoryorg.jboss.security.ssl.DomainServerSocketFactoryjava:/jaas/SSL

On the client set the system property to use the keystoreas the truststore.

1) Created a keystore in server/default/conf/test.keystore
2) Created a security domain that references it
(resource: is jboss specific protocol that loads from the
classloader, conf/ is the first classloader installed by jboss)
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
name="jboss.security:service=JaasSecurityDomain,domain=SSL">
<constructor>
<arg type="java.lang.String" value="SSL"/>
</constructor>
<attribute name="KeyStoreURL">resource:test.keystore</attribute>
<attribute name="KeyStorePass">ssltest</attribute>
</mbean>
3) Deployed a HTTPSUIL2ConnectionFactory
<mbean code="org.jboss.mq.il.uil2.UILServerILService"
name="jboss.mq:service=InvocationLayer,type=HTTPSUIL2">
<depends optional-attribute-name="Invoker">jboss.mq:service=Invoker</depends>
<attribute name="ConnectionFactoryJNDIRef">HTTPSUIL2ConnectionFactory</attribute>
<attribute name="XAConnectionFactoryJNDIRef">HTTPSUIL2XAConnectionFactory</attribute>
<attribute name="ServerBindPort">8193</attribute>
<attribute name="PingPeriod">60000</attribute>
<attribute name="EnableTcpNoDelay">true</attribute>
<!-- Used to disconnect the client if there is no activity -->
<!-- Ensure this is greater than the ping period -->
<attribute name="ReadTimeout">70000</attribute>
<!-- The size of the buffer (in bytes) wrapping the socket -->
<!-- The buffer is flushed after each request -->
<attribute name="BufferSize">2048</attribute>
<!-- Large messages may block the ping/pong -->
<!-- A pong is simulated after each chunk (in bytes) for both reading and writing -->
<!-- It must be larger than the buffer size -->
<attribute name="ChunkSize">1000000</attribute>
<attribute name="ClientSocketFactory">org.jboss.security.ssl.ClientSocketFactory</attribute>
<attribute name="ServerSocketFactory">org.jboss.security.ssl.DomainServerSocketFactory</attribute>
<attribute name="SecurityDomain">java:/jaas/SSL</attribute>
</mbean>
On the client set the system property to use the keystore
as the truststore.
<java classname="test.client.Client" fork="true">
<sysproperty key="javax.net.ssl.trustStore" path="${jboss.home}/server/${jboss.config}/conf/test.keystore"/>
<classpath refid="client.classpath"/>
</java>